def __check_permissions(self, accepted_group, match_if_all=False):
    """Check the current user's group membership for internal factory functions.

    `accepted_group` is given WITHOUT the leading `group:` part (for example
    `admins`); the prefix is added here before comparing against the value
    returned by `groupfinder(self.username, self.request)`.

    Args:
        accepted_group: a single group name (`str`) or a `list` of group names.
        match_if_all: only used for a list. When true, every listed group must
            be present; otherwise one match is enough.

    Returns:
        True when the membership requirement is met, False otherwise.

    Raises:
        TypeError: `accepted_group` is neither exactly `str` nor exactly `list`.
    """
    granted = groupfinder(self.username, self.request)
    kind = type(accepted_group)

    # Exact type comparison: subclasses of str/list, tuples and sets are
    # rejected with TypeError instead of being silently treated as "no access".
    if kind is str:
        return 'group:' + accepted_group in granted

    if kind is list:
        # Lazy generator keeps the short-circuit behaviour of an explicit loop.
        hits = ('group:' + name in granted for name in accepted_group)
        if match_if_all:
            # NOTE(review): an empty list with match_if_all=True yields True
            # (nothing is required, so nothing is missing). Callers should not
            # pass an empty list when they mean "deny".
            return all(hits)
        return any(hits)

    raise TypeError ("Wrong accepted_groups type provided!")
def __call__(self):
    """Entry point run by the framework (class-based view).

    Returns `HTTPForbidden` when `verify_ip` rejects the request address or
    when the first element of the user's group list is None (a deleted user,
    per the original author's comment); in the second case the headers from
    `forget` are attached to the response. Otherwise returns the dict of
    values for rendering.
    """
    # TODO: display server IP and maybe some other info which can be loaded only once (will not change during run)
    request = self.request

    # NOTE(review): REMOTE_ADDR is the address of the directly connected peer.
    # Presumably verify_ip applies an address allow-list; if the app runs
    # behind a reverse proxy this value is the proxy's address - confirm.
    if not verify_ip(request['REMOTE_ADDR']):
        return HTTPForbidden()

    show_settings = False
    user_id = authenticated_userid(request)
    groups = groupfinder(user_id, request)

    # Deleted user tries to do something: refuse, and pass along the headers
    # produced by forget().
    # NOTE(review): this indexes groups[0] unconditionally, so it relies on
    # groupfinder never returning None or an empty list - confirm.
    if groups[0] is None:
        return HTTPForbidden(headers=forget(request))

    # Debug trace written to stdout; it contains the user name and group list.
    print ('%s %s %s' % (groups, user_id, show_settings))
    return {
        'username': user_id,
        'show_settings': show_settings,
        'user_groups': groups,
    }
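def vnc_connection(self, username, machine_name, local_user=False):
    """Prepare a proxy VNC connection for the VM provider.

    Args:
        username: name of the requesting user; a falsy value is refused.
        machine_name: machine the user wants to reach.
        local_user: when true, the proxy listens on `localhost` instead of
            the detected outbound address.

    Returns:
        `(False, "Not allowed")` when the user may not view the machine,
        otherwise whatever `self.conn.vnc_connection(...)` returns.
    """
    # Step 1: can user view this machine at all?
    if not username:
        return False, "Not allowed"
    user_machines = User.get_user_machines_by_name(username)
    # `[True]` is the marker for an admin, who may view every machine.
    if user_machines != [True] and machine_name not in user_machines:
        return False, 'Not allowed'

    # Step 2: Finding your IP to bind to it (this allows remote users to connect)
    if local_user:
        # This was added because local user does not store cookies for WAN IP connection.
        hostname = localhost
    else:
        # A UDP connect() sends no packet; it only makes the OS choose the
        # outbound interface, whose address is then read back.
        # NOTE(review): this still needs a DNS lookup of an external name on
        # every call, and a resolver failure propagates as an exception.
        # A configured listen address would remove that dependency.
        probe = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        try:
            probe.connect(('yandex.ru', 0))
            hostname = probe.getsockname()[0]
        finally:
            probe.close()  # do not leave the descriptor to the garbage collector

    # Step 3: Finding but not binding free port to run
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        try:
            sock.bind((hostname, 0))  # Asking OS to bind free port on your WAN IP
        except socket.error:
            # Fallback probe on the wildcard address ('' = all interfaces);
            # the proxy itself is then told to listen on localhost.
            sock.bind(('', 0))
            hostname = localhost
        listen_port = sock.getsockname()[1]
    finally:
        sock.close()
    # NOTE(review): the port is released here and reused by the VM manager
    # afterwards, so another local process can take it in between. The
    # manager side should treat a failed bind on listen_port as an error
    # rather than assume the port is still free.

    # Step 4: Processing by VM manager
    answer = self.conn.vnc_connection(
        user_groups=groupfinder(username, None),
        machine_name=machine_name,
        listen_port=listen_port,
        listen_host=hostname,
        target_host=localhost,
    )

    # Step 5: Pack answer to client
    return answer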
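def mainline(self):
    """Answer a JSON request by dispatching `query` to a handler.

    The request is refused with `HTTPForbidden` when `verify_ip` rejects the
    request address or when the first element of the user's group list is
    None (a deleted user, per the original author's comment). Otherwise the
    user is recorded as active and the handler registered in
    `self.functions` under the request's `query` value is called with `self`.

    Returns:
        `HTTPForbidden`, the handler's return value, or
        `{'status': False, 'answer': 'Wrong query'}` for an unknown or
        malformed query.
    """
    if not verify_ip(self.request['REMOTE_ADDR']):
        return HTTPForbidden()

    if groupfinder(self.username, self.request)[0] is None:
        # Deleted user tries to do something
        headers = forget(self.request)
        return HTTPForbidden(headers=headers)

    # Add to redis info that user is online
    # NOTE(review): the check above uses self.username while this call uses
    # authenticated_userid(self.request) - confirm both name the same user.
    VMC.log_active(authenticated_userid(self.request))

    # Factory to answer for JSON requests
    payload = self.json
    try:
        handler = self.functions[payload['query']]
    except (KeyError, TypeError):
        # KeyError: `query` is missing or names no handler.
        # TypeError: the body is not a mapping, or `query` is an unhashable
        # value such as a JSON array/object. Both are client errors and must
        # not surface as an unhandled exception.
        requested = payload.get('query') if isinstance(payload, dict) else None
        # %r keeps client-supplied control characters (newlines etc.) from
        # being written verbatim into the output stream.
        print ('Wrong JSON request: %r' % (requested,))
        return {'status': False, 'answer': 'Wrong query'}
    else:
        return handler(self)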